Cryptographic expansion device and related protocols

ABSTRACT

A cryptographic expansion device that can be attached to a communication component of a communication device to enable the communication device to perform cryptographic operations on communications sent to and from the communication device is described. When used with a communication device, the cryptographic expansion device enables the communication device to send and received end-to-end secure encrypted communications. The cryptographic expansion device can be used with a communication device without requiring any changes to the internal software or hardware of the communication device and without requiring any modification to the communication protocols of the communication device. In some embodiments, the end-to-end secure communications enabled by the cryptographic expansion device can be utilized by a user of the communication device to perform financial and/or banking transactions.

CROSS-REFERENCES TO RELATED APPLICATIONS

This application claims priority from U.S. Provisional PatentApplication No. 61/510,023, entitled “Systems and Methods for SecureMobile Communication,” filed Jul. 20, 2011, the contents of which ishereby incorporated in its entirety by reference for all purposes.

This application is related to commonly owned Patent Cooperation Treaty(PCT) application Ser. No. ______, entitled “Mobile Banking System withCryptographic Expansion Device,” filed Jul. 20, 2012, the contents ofwhich is hereby incorporated in its entirety by reference for allpurposes.

BACKGROUND

In developing countries and rural areas, less than 10% of the populationmay have access to banking services from traditional brick-and-mortarbanks. In such areas, a bank may be physically located too far away fora majority of the population to travel to. And even if a bank is nearby,it may be the only bank location in the vicinity of a vast regioncovering a large number of the population. The brick-and-mortar bank maynot have the resources and capacity to adequately support such a largenumber of customers, resulting in long wait times and inconvenience forthe bank's customers. In most developing countries, building additionalbank branches and/or installing automated teller machines (ATMs) atvarious locations are often not a viable solution due to the high costsof the complex infrastructure involved. Even in developed countrieswhere there are more bank branches and ATM locations available,customers may still have limited access to banking services such asservices that are not available from ATMs during non-business hours.Furthermore, certain customers such as the elderly or customers withdisabilities may still have difficulty getting to the bank branches orATM locations.

In recent years, the use of mobile devices in developed and developingcountries has grown rapidly. As such, one way of providing thesecommunities with access to banking services is to enable users of mobiledevices to perform mobile banking transactions, such as making mobilepayments or money transfers, or checking account balances or performingother account related services, directly from their mobile devices.However, security concerns are often a stumbling block that hinders thewide adoption and growth of mobile banking Most mobile devices lack thecapability to securely send end-to-end encrypted communication. As aresult, sensitive information, such as a Personal Identification Numbers(PINs) and Primary Account Numbers (PANs), might be sent in plaintextform, creating a vulnerability in which such sensitive information canbe intercepted by malicious parties and be used for fraudulent purposes.

While some security measures can be provided by mobile networkoperators, for example, to provide encryption capabilities at a basestation, the protection provided by such solutions is still limitedbecause the communication is still sent in plaintext form at some pointduring the transmission. Other solutions require re-provisioning ofusers' mobile devices, for example, by over the air (OTA) provisioning,and such solutions can be costly in terms of both deployment andoperating costs. Consequently, mobile operators have to either pass thiscost onto their customers or absorb it themselves. Thus, the total costof ownership (TCO) is also often a stumbling block that prevents theuptake and growth of mobile banking Without a cost-effective andefficient way to securely send and receive communication with mobiledevices, mobile banking operators are destined to incur losses or failto roll out their mobile banking services entirely.

Embodiments of the present invention address these and other problemsindividually and collectively.

BRIEF SUMMARY

Embodiments of the present invention disclose a cryptographic expansiondevice that can be attached to a communication component of acommunication device to enable the communication device to performcryptographic operations on communications sent to and from thecommunication device. When used with a communication device, thecryptographic expansion device enables the communication device to sendand received end-to-end secure encrypted communications. Thecryptographic expansion device according to various embodiments can beused with a communication device without requiring any changes to theinternal software or hardware of the communication device and withoutrequiring any modification to the communication protocols used by thecommunication device. In some embodiments, the end-to-end securecommunications enabled by the cryptographic expansion device can beutilized by a user of the communication device to perform financialand/or banking transactions.

According to at least one embodiment, the cryptographic expansion deviceis a cryptographic label that includes a hardware security moduledisposed therein. The hardware security module includes a secureprocessing unit and a public processing unit. The cryptographic labelalso includes a first set of electrical contacts disposed on the topside of the cryptographic label for interfacing to a communicationdevice, and a second set of electrical contacts disposed on the bottomside of the cryptographic label for interfacing to a communicationcomponent. A coupling element is also provided to attach thecryptographic label to the communication component. In an exemplaryembodiment, the communication device can be a mobile phone, thecommunication component can be a subscriber identity module (SIM) card,and the coupling element used for attaching the cryptographic label tothe communication component can be an adhesive material disposed on thecryptographic label

According to at least one embodiment, a communication system for sendingsecure communications includes a communication component and acryptographic label attached to the communication component. Thecryptographic label includes a cryptoprocessor disposed therein, andalso a processor coupled to cryptoprocessor disposed therein. Thecryptographic label also includes a set of electrical contacts thatelectrically couples the cryptographic label to the electrical contactsof the communication component. The cryptographic label enables a mobiledevice equipped with the communication component and the attachedcryptographic label to send encrypted data using the cryptoprocessor inthe cryptographic label. In an exemplary embodiment, the communicationcomponent can be a SIM card.

According to at least one embodiment, a method for enabling thetransmission of secure communications from a communication device usinga cryptographic label attached to a communication component of thecommunication device includes receiving a message in the cryptographiclabel, and determining if the message is associated with a secureoperation. A secure operation can include one or more of encryption,decryption, message authentication code generation or verification, hashgeneration or verification, or other functions to be performed by thecryptographic label. If it is determined that the message is associatewith a secure operation, a cryptographic operation is performed, by acryptographic processor disposed in the cryptographic label, on the dataor information associated with the secure operation. The data encryptedby the cryptographic processor is sent from the cryptographic label tothe communication device for transmission in a secure communication. Ifthe message is determined to be associated with a non-secure operation,the message is passed through to the communication component. In anexemplary embodiment, the communication device can be a mobile phone,the communication component can be a SIM card, and the securecommunication can be sent as a encrypted Short Message Service (SMS)message, an Unstructured Supplementary Service Data (USSD) message, aNear Filed Communication (NFC) communication, or a Radio Frequency (RF)communication.

These and other embodiments of the invention are described in furtherdetails below.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 illustrates a cryptographic expansion device and a communicationcomponent of a communication device, according to one embodiment of thepresent invention.

FIG. 2A illustrates a cross-sectional view of a cryptographic expansiondevice, according to one embodiment of the present invention.

FIG. 2B illustrates a top view of a cryptographic expansion device,according to one embodiment of the present invention.

FIG. 2C illustrates a bottom view of a cryptographic expansion device,according to one embodiment of the present invention.

FIG. 3 illustrates a block diagram of the components of a cryptographicexpansion device, according to one embodiment of the present invention.

FIG. 4 illustrates a conceptual block diagram of the functional blocksof a cryptographic expansion device, according to one embodiment of thepresent invention.

FIG. 5 illustrates a communication system for sending and receivingsecure communications using a cryptographic expansion device, accordingto one embodiment of the present invention.

FIG. 6 illustrates a diagram showing the process of initializing acommunication component in a communication device equipped with acryptographic expansion device, according to one embodiment of thepresent invention.

FIG. 7 illustrates a diagram showing the process of installing a usermenu in a communication device equipped with a cryptographic expansiondevice, according to one embodiment of the present invention.

FIG. 8 illustrates a diagram showing the process of performing anon-secure operation in a communication device equipped with acryptographic expansion device, according to one embodiment of thepresent invention.

FIG. 9 illustrates a diagram showing the process of performing a secureoperation in a communication device equipped with a cryptographicexpansion device, according to one embodiment of the present invention.

FIG. 10 illustrates a diagram showing the process of setting up a securecommunication channel between devices using a cryptographic expansiondevice, according to one embodiment of the present invention.

FIG. 11 illustrates a flow diagram of performing a secure operation witha cryptographic expansion device, according to one embodiment of thepresent invention.

FIG. 12 illustrates a block diagram of a communication device, accordingto one embodiment of the present invention.

DETAILED DESCRIPTION

Embodiments of the present invention disclose a cryptographic expansiondevice that can be attached to a communication component of acommunication device to enable the communication device to performcryptographic operations on communications sent to and from thecommunication device. The cryptographic expansion device includesembedded processors and storage capabilities that can be used toimplement a Federal Information Processing Standards (FIPS) complianthardware security module (HSM) to provide the communication device withthe set of security features and functions as found in industry-standardHSMs. When used with a communication device, the cryptographic expansiondevice enables the communication device to send and received end-to-endsecure communications, and enables mobile operators to utilize theirotherwise unsecure communication channels to send and receive encryptedcommunications. Furthermore, the cryptographic expansion deviceaccording to various embodiments can be used with a communication devicewithout requiring any changes to the internal software or hardware ofthe communication device and without requiring any modification to thecommunication protocols of the communication device. Thus, thecryptographic expansion device according to embodiments of the inventioncan be widely deployed in a cost-effective and efficient way. In someembodiments, the end-to-end secure communications enabled by thecryptographic expansion device can be utilized by a user of thecommunication device to perform financial and/or banking transactions.

Examples of the security features that the cryptographic expansiondevice can provide include running a secure operating system and securekey management related functions such as cryptographic key generation,configuration of security limits and capabilities of the cryptographickeys, cryptographic keys backup and recovery, secure cryptographic keysstorage, and revocation and destruction of cryptographic keys. Thecryptographic expansion device can encrypt and decrypt data usingvarious encryption standards and protocols including but not limited toAdvance Encryption Standard (AES), Data Encryption Standard (DES),Triple Data Encryption Standard/Algorithm (TDES/TDEA), Secure SocketLayer (SSL), Blowfish, Serpent, Twofish, International Data EncryptionAlgorithm (IDEA), Rivest, Shamir, & Adleman (RSA), Digital SignatureAlgorithm (DSA), Tiny Encryption Algorithm (TEA), extended TEA (XTEA),and/or other encryption algorithms or protocols. The cryptographicexpansion device can also generate and verify message authenticationcodes (MAC) and cryptographic hashes on communications sent to and froma communication device.

It should be appreciated that the cryptographic expansion deviceaccording to embodiments of the invention uses dedicated cryptographichardware components provided in the cryptographic expansion device toperform cryptographic operations. This is different from softwareencryption technologies that use software with a general purposeprocessor to perform encryption, and provides enhanced securityprotection over such software encryption technologies. In someembodiments, the cryptographic expansion device is implemented as a dualprocessing units device that includes a FIPS compliant secure processingunit and a public processing unit. This division in hardware rolesintroduces an additional level of security by providing a physical andlogical separation between interfaces that are used to communicatecritical security parameters and other interfaces that are used tocommunicate other data. Furthermore, the cryptographic expansion devicecan also provide a tamper-resistant mechanism that provides a high riskof destroying components in the cryptographic expansion device and thecryptographic keys stored therein, if any attempt is made to remove orexternally access the cryptographic expansion device.

As used herein, the term “secure communication” refers to acommunication that includes at least some portion of the communicationthat is sent or received in an encrypted format. The term “secureoperation” refers to a process or a function that involves performingone or more cryptographic operation. Examples of a “secure operation”can include sending or receiving of a secure or encrypted communication,or performing a financial or banking transaction with encrypted data.The term “cryptographic operation” refers to any of encryption,decryption, MAC generation or verification, hash generation orverification, and/or any of the functions provided by the cryptographicexpansion device as described herein. The term “non-securecommunication” refers to a communication that is sent or received inplaintext form. The term “non-secure operation” refers to a process or afunction that does not involve performing a secure operation.

According to various embodiments, the cryptographic expansion device canbe attached to a communication component of a communication device toenable the communication device to send and receive securecommunications. A communication device is a device that is capable ofsending and receiving communications with a recipient device. Thecommunication device can be a mobile device such as a mobile phone orother types of portable communication device (e.g., a personal digitalassistant, portable computing devices such as tablet computers orlaptops, or portable multi-functional devices that can send and receivecommunications such as portable media players/readers, portable gamingdevices, etc.). The recipient device that the communication devicecommunicates with can be another communication device, a payment devicesuch as point-of-sale (POS) device or an automated teller machine (ATM),networking equipment, and/or telecommunication equipment of a mobilenetwork operator. In some embodiments of the present invention, thecommunication device may lack the capability to perform cryptographicoperations to encrypt and decrypt communications sent to and from thecommunication device. A cryptographic expansion device can be attachedto a communication component of the communication device to provide thecommunication device with the capability to perform cryptographicoperations. In other embodiments, the communication device may becapable of performing some cryptographic operations, for example, toencrypt or decrypt data using encryption software. In such embodiments,a cryptographic expansion device can still be used with thecommunication device to expand and/or enhance the cryptographiccapabilities of the communication device, for example, to provideencryption algorithms that may otherwise be unavailable in theencryption software of the communication device.

According to some embodiments, the communication component that thecryptographic expansion device attaches to is a user-removablecommunication component of a communication device. For example, thecommunication component can be a subscriber identity module (SIM) cardor other types of communication card that is used in conjunction withthe communication device to send and receive communications. Thecommunication component can also be other types of user-removablecomponent of a communication device such as various types of memorycard, for example, a secure digital (SD) memory card that can be used inconjunction with the communication device to send and receivecommunications.

The communication component of a communication device can come invarious form factors. For example, in embodiments in which thecommunication component is a SIM card, the communication component canhave a form factor according to a full-sized SIM card or a mini-SIM cardas specified in the ISO/IEC 7810 standard, or a micro-SIM card or anano-SIM card as specified in the ETSI TS 102 221 standard. In otherembodiments, for example, in which the communication component is a SDmemory card, the communication component can have a form factoraccording to a full-size SD card, a micro-SD card, or a mini-SD card asspecified in the SD standard of the Secure Digital Association.

Physical Characteristics of Cryptographic Expansion Device

According to various embodiments, the cryptographic expansion device isa circuit board with integrated circuits implementing a hardwaresecurity module (HSM) disposed therein. The cryptographic expansiondevice can be a flexible printed circuit board in the form of a label.FIG. 1 illustrates a cryptographic expansion device and a communicationcomponent according to one embodiment of the invention. According to theembodiment as shown, the cryptographic expansion device is acryptographic label 100 with one or more integrated circuitsimplementing a hardware security module (HSM) 150 disposed therein, andthe communication component that the cryptographic label 100 attaches tois a SIM card 190 (e.g., a mini-SIM card as shown). It should beunderstood that while the description and explanation provided below aremade with reference to a particular embodiment, the description andexplanation provided below are applicable to and can be adapted forother embodiments, for example, embodiments in which the cryptographicexpansion device is used with a SIM card with a different form factor,or in which the cryptographic expansion device is used with other typesof communication component such as a memory card.

It should also be noted that although cryptographic label 100 is shownto be semi-transparent in FIG. 1, cryptographic label 100 is shown assuch for illustrative purposes. Thus, in some implementations,cryptographic label 100 can be opaque, and HSM 150 and the underlyingSIM card 150 may not be visible from the top of cryptographic label 100.

HSM 150 includes a public processing unit (PPU) 130 which can beimplemented with one or more processors or controllers, and a secureprocessing unit (SPU) 120 which can be implemented with one or morecryptoprocessors. In some embodiments, HSM 150 is a packagedsemiconductor chip that includes both SPU 120 and PPU 130 in a singlepackage, but with a logical and physical separation between SPU 120 andPPU 130. In other embodiments, SPU 120 and PPU 130 can be individuallypackaged semiconductor chips or semiconductor dies that are coupledtogether in cryptographic label 100 to implement HSM 150.

Cryptographic label 100 includes a coupling element that can be used toattach cryptographic label 100 to SIM card 190. In some embodiments, thecoupling element is an adhesive material 140 disposed on cryptographiclabel 100. Thus, cryptographic label 100 can be applied to the surfaceof SIM card 190 similar to an adhesive label or a sticker. In otherembodiments, the coupling element can be a mechanical mechanism such asnotches provided on cryptographic label 100 or a clip that can be usedto physically secure cryptographic label 100 to SIM card 190. In someembodiments, cryptographic label 100 can have a flexible orsemi-flexible substrate, for example, to facilitate the application ofcryptographic label 100 to the surface of SIM card 190. Cryptographiclabel 100 can also have a rigid or semi-rigid substrate, for example, toprovide stiffness to protect the cryptographic label 100.

According to various embodiments, cryptographic label 100 can havevarious different form factors. The thickness of cryptographic label 100is made to be thin enough such that when cryptographic label 100 isattached to SIM card 190, SIM card 190 can still be inserted or removedfrom a SIM card receiving slot of a communication device such as amobile phone. In one embodiment, the thickness of cryptographic label100 is less than 100 microns (um). In other embodiments, the thicknessof cryptographic label 100 can be less than 150 um, 200 um, 250 um, or300 um.

In some embodiments, cryptographic label 100 can have a form factor withplanar dimensions (e.g., length and/or width) that are substantially thesame as the planar dimensions of SIM card 190 as shown in FIG. 1. One ormore planar dimensions of cryptographic label 100 can be within 1%, 2%,5%, 10%, 15%, or 20% of the corresponding planar dimension of SIM card190. For example, in a particular embodiment in which the length of SIMcard 190 is 25 millimeters (mm) and the length of cryptographic label100 is within 10% of the length of SIM card 190, the length ofcryptographic label 100 can be between 22.5 mm (90% of 25 mm) and 27.5mm (110% of 25 mm).

In other embodiments, cryptographic label 100 can have a form factorwith one or more planar dimensions that is different than thecorresponding planar dimension of the communication component with whichcryptographic label 100 attaches to, if the size of cryptographic label100 does not prevent the communication component from being used with acommunication device. In other words, referring to the embodiment shownin FIG. 1, the planar dimensions of cryptographic label 100 should allowSIM card 190 attached with cryptographic label 100 to fit into a SIMcard receiving slot of a communication device. It should be noted thatthis does not mean that the planar dimensions of cryptographic label 100has to be smaller than SIM card 190. For example, in some embodiments,cryptographic label 100 can be longer than SIM card 190 and can extendout of a SIM card receiving slot of a communication device if thecommunication device can tolerate such a configuration. In otherembodiments in which the substrate of cryptographic label 100 is aflexible substrate, when cryptographic label 100 is applied to SIM card190, the excess portions of cryptographic label 100 that extends overthe surface of SIM card 190 can be folded over to wrap around SIM card190.

Furthermore, in some embodiments, a cryptographic label with a formfactor corresponding to one type of SIM card can be used with a SIM cardthat has a different form factor. For example, although cryptographiclabel 100 as shown in FIG. 1 has a form factor with planar dimensionsthat are substantially the same as a mini-SIM card, cryptographic label100 can be attached to a standard SIM card instead of a mini-SIM card.Similarly, a cryptographic label having a form factor with planardimensions that are substantially the same as a micro-SIM card can beattached to a mini-SIM card instead of a micro-SIM card.

FIG. 2A illustrates a cross sectional view along the length ofcryptographic label 100 according to one embodiment. Cryptographic label100 includes a set of electrical contacts 115 disposed on the top sideor on the upper surface of cryptographic label 100, a set of electricalcontacts 110 disposed on the bottom side or on the bottom surface ofcryptographic label 100, and a hardware security module (HSM) 150disposed in cryptographic label 100. According to some embodiments, HSM150 can be completely embedded in the substrate of cryptographic label100 as shown. In other words, HSM 150 does not protrude out ofcryptographic label 100 and is not visible from the top or bottom ofcryptographic label 100. In other embodiments, HSM 150 may extendslightly over the top and/or bottom of the substrate of cryptographiclabel 100, creating a bump on the top and/or bottom surface ofcryptographic label 100.

As mentioned above, HSM 150 can be a single packaged semiconductor chip.Alternatively, SPU 120 and PPU 130 can be individually packagedsemiconductor chips or semiconductor dies that are coupled together incryptographic label 100 to implement HSM 150. While SPU 120 and PPU 130are shown as being positioned side by side in FIG. 1, in otherembodiments, SPU 120 and PPU 130 can be vertically stacked in thesubstrate of cryptographic label 100. Interconnects and circuitselectrically coupling the various components (i.e. electrical contacts110, electrical contacts 155, HSM 150, and/or SPU 120 and PPU 130) ofcryptographic label 100 can be formed by etching the circuits into thesubstrate of cryptographic label 100, screen-printing the circuits ontothe substrate, or by providing the components of cryptographic label 100with solderble contacts that when heated, would bind to circuitry in thesubstrate to form the interconnects and circuits.

FIG. 2B illustrates a top view of cryptographic label 100 according toone embodiment. It should be understood that HSM 150 which includes SPU120 and PPU 130 is shown with dotted lines to indicate that thesecomponents may not be visible from the top side of cryptographic label100. The set of electrical contacts 115 on the top side of cryptographiclabel 100 is used for interfacing cryptographic label 100 to acommunications device; that is, to electrically couple cryptographiclabel 100 to a SIM card reader of a communications device when a SIMcard attached with cryptographic label 100 is inserted into a SIM cardreceiving slot of the communication device. Thus, the set of electricalcontacts 115 is positioned on the top side of cryptographic label 100 toalign with the electrical contacts of a SIM card reader of thecommunication device. According to some embodiments, the set ofelectrical contacts 115 can have eight contact pads, as shown. In otherembodiments, if some of the available signals are not used, the set ofelectrical contacts 115 may have less than eight contact pads, forexample, six contact pads.

FIG. 2C illustrates a bottom view of cryptographic label 100 accordingto one embodiment. It should be understood that HSM 150 which includesSPU 120 and PPU 130 is shown with dotted lines to indicate that thesecomponents may not be visible from the bottom of cryptographic label100. The set of electrical contacts 110 on the bottom side ofcryptographic label 100 is used for interfacing cryptographic label 100to a communications component, for example, to electrically couplecryptographic label 100 to a communication card such as SIM card 190.Thus, the set of electrical contacts 110 is positioned on the bottomside of cryptographic label 100 to align with the electrical contacts ofthe communications component (e.g., SIM card 190) that cryptographiclabel 100 attaches to. According to some embodiments, the set ofelectrical contacts 110 may can have eight contact pads, as shown. Inother embodiments, if some of the available signals are not used, theset of electrical contacts 110 may have less than eight contact pads,for example, six contact pads. Furthermore, the number of contact padsin the set of electrical contacts 110 on the bottom side ofcryptographic label 100 can be different than the number of contact padsin the set of electrical contacts 115 on the top side of cryptographiclabel 100.

According to some embodiments, an adhesive material 140 is disposearound the contact pads on the bottom side of cryptographic label 100,and may extend to the edges of the bottom surface of cryptographic label100. The adhesive material 140 can be used to secure cryptographic label100 to SIM card 190. In addition to securing cryptographic label 100 toSIM card 190, in one embodiment, the adhesive material 140 can alsoserve as a tamper-resistant mechanism to provide a high risk ofdestroying cryptographic label 100 if an attempt is made to removecryptographic label 100 from SIM card 190 after cryptographic label 100has been attached to SIM card 190. For example, after cryptographiclabel 100 has been applied to the surface of SIM card 190, if an attemptis made to remove cryptographic label 100 from SIM card 190 by peelingoff cryptographic label 100, the adhesive material 140 may rip apart thecontact pads of cryptographic label 100, and/or the interconnects andcircuits electrically coupling the components of cryptographic label 100to render cryptographic label 100 unusable. Alternatively or inaddition, the adhesive material 140 may rip apart portions of SIM card190 to render SIM card 190 unusable as well if an attempt is made toremove cryptographic label 100 from SIM card 190.

Internal Components and Features of Cryptographic Expansion Device

FIG. 3 shows a block diagram illustrating the hardware components of acryptographic expansion device 300 (e.g., cryptographic label 100 ofFIGS. 1 and 2A-C), according to one embodiment. Cryptographic expansiondevice 300 includes a public processing unit (PPU) 330, and a secureprocessing unit (SPU) 320 coupled to PPU 330. It should be noted thatalthough SPU 320 is coupled to PPU 330, cryptographic expansion device300 provides a logical and/or physical separation between SPU 320 andPPU 330. A “physical separation” refers to some physical boundarybetween SPU 320 and PPU 330. For example, SPU 320 and PPU 330 can beimplemented with and manufactured as separate semiconductor dies orseparately packaged semiconductor chips, and the physical boundary ofthe dies or chips can serve as the physical separation. A “logicalseparation” refers to the separation of the communication interface andstorage memory between SPU 320 and PPU 330. As shown in FIG. 3, SPU 320has its own communication interfaces 340, 345, and 350, which isseparate from communication interface 360 of SPU 320. PPU 330 also hasits own memory 338, which is separate from secure memory 390 of SPU 320.As will be explained below, the logical and/or physical separationprovided between SPU 320 and PPU 330 creates a division in hardwareroles to protect SPU 320 and the contents stored in secure memory 390from unauthorized accesses.

According to some embodiments, PPU 330 includes processor 337, memory338, a communication device interface 340, a communication componentinterface 345, and a PPU-to-SPU interface 350. Processor 337 can beimplemented as one or more processors or controllers. Memory 338 iscoupled to processor 337, and provides storage to store data andexecutable code that when executed by processor 337, causes processor337 to run an operating system (OS) and/or applications that can becomplaint with Payment Card Industry (PCI) and InternationalOrganization for Standardization (ISO) standards to manage thefunctionality and operations of cryptographic expansion device 300, andto process the exchange of information between the various interfaces ofPPU 330.

Communication device interface 340 is coupled to a set of electricalcontacts 315 that interfaces with a communication device such as amobile device (e.g., a mobile phone), and provides a set of signals thatcan include a clock signal and one or more data input/output (I/O)signals to send and receive commands and information between PPU 330 andthe communication device. Communication component interface 345 iscoupled to a set of electrical contacts 315 that interfaces to acommunication component such as a communication card (e.g., a SIM card),and provides a set of signals that can include a clock signal and one ormore data input/output (I/O) signals to send and receive commands andinformation between PPU 330 and the communication component. PPU-to-SPUinterface 350 is coupled to SPU 320, and provides a set of signals thatcan include a clock signal and one or more data input/output (I/O)signals to send commands and information such as encryption anddecryption requests to SPU 320, and to receive commands and informationsuch as encryption and decryption results from SPU 320. Because of thelogical and physical separation between SPU 320 and PPU 330, SPU 320 isexposed to PPU 330 only, and is not accessible to the communicationdevice or to the communication component, except through PPU 330. Hence,PPU 330 can serve as a firewall or a gatekeeper to ensure unauthorizedor unwanted communications such as hacking attempts are not sent to SPU320.

According to some embodiments, SPU 320 includes cryptoprocessor 380,secure memory 390, and SPU-to-PPU interface 360. SPU 320 can alsoinclude tamper detection sensors 370. As mentioned above, SPU 320 isaccessible from PPU 330 only, and receives commands and information fromPPU 330 through SPU-to-PPU interface 360. SPU-to-PPU interface 360provides a set of signals that can include a clock signal and one ormore data input/output (I/O) signals coupled to PPU-to-SPU interface 350that SPU 320 can use to communicate with PPU 330. In some embodiments,SPU 320 will only respond to encryption and decryption requests toperform cryptographic operations from PPU 330 received throughSPU-to-PPU interface 360.

Cryptoprocessor 380 can be implemented as one or more cryptographicprocessors. A cryptographic processor is different from a generalpurpose processor in that a cryptographic processor includes dedicatedcircuitry and hardware such as one or more cryptographic arithmeticlogic units (ALU) 382 that are optimized to perform computationalintensive cryptographic functions. Cryptographic ALU 382 can includeoptimized pipelines and widen data buses to enable cryptoprocessor 380to perform cryptographic operations faster and more efficiently thangeneral purpose processors.

Secure memory 390 is coupled to cryptoprocessor 380, and can bepartitioned into a cryptographic key storage 392 and a data storage 394.Data storage 394 can be read and written by cryptoprocessor 380, andprovides storage memory to store user data such as data that arereceived on SPU-to-PPU interface 360 from PPU 330, and encryption anddecryption results that are sent to PPU 330 through SPU-to-PPU interface360. Cryptographic key storage 392 can be read-only to cryptoprocessor380, and is used to store cryptographic keys and encryption algorithms.The cryptographic keys and algorithms stored in cryptographic keystorage 392 are provisioned by the manufacturer during manufacturing ofcryptographic expansion device 300, and cannot be altered by an externalsource without a master key that is only known to the manufacturerand/or authorized parties who are authorized to provision cryptographicexpansion device 300 such as a mobile network operator or a wirelessservice provider. In some embodiments, the contents of cryptographic keystorage 392 are never transmitted outside of SPU 320, and isinaccessible by PPU 330. The cryptographic keys and algorithms stored incryptographic key storage 392 can be provisioned to perform variousencryption standards and protocols including but not limited to AdvanceEncryption Standard (AES), Data Encryption Standard (DES), Triple DataEncryption Standard/Algorithm (TDES/TDEA), Secure Socket Layer (SSL),Blowfish, Serpent, Twofish, International Data Encryption Algorithm(IDEA), Rivest, Shamir, & Adleman (RSA), Digital Signature Algorithm(DSA), Tiny Encryption Algorithm (TEA), extended TEA (XTEA), and/orother encryption algorithms or protocols.

In some embodiments, SPU 320 may also include tamper detection sensors370 to detect external attempts to tamper with cryptographic expansiondevice 300. For example, tamper detection sensors 370 may includetemperature sensors to detect temperatures that may be indicative ofsomeone attempting to desolder components of cryptographic expansiondevice 300, and/or mechanical sensors to sense structural changes tocryptographic expansion device 300 that may be indicative of someoneattempting to dissect or cut open cryptographic expansion device 300.Tamper detection sensors 370 may also include electrical sensors tosense certain voltage, current, or impedance changes to the circuitry ofcryptographic expansion device 300 that may be indicative of someoneattempting to probe the components of cryptographic expansion device300, and/or electromagnetic sensors to sense certain radiation such asX-rays that may be indicative of someone attempting to examinecryptographic expansion device 300. In some embodiments, tamperdetection sensors 370 may include circuitry that can erase and whip outthe contents of secure memory 390 to render SPU 320 and/or cryptographicexpansion device 300 unusable in response to detecting an attempt totamper with cryptographic expansion device 300. Cryptographic expansiondevice 300 can also be configured with organic or soluble interconnectsthat can be dissolved by a solvent released by tamper detection sensors370 in response to detecting an attempt to tamper with cryptographicexpansion device 300.

FIG. 4 shows a conceptual block diagram illustrating the functionalfeatures of a cryptographic expansion device 400, according to oneembodiment. Cryptographic expansion device 400 can be implemented with,for example, the hardware components described with reference to thecryptographic expansion device 300 of FIG. 3. PPU 430 of cryptographicexpansion device 400 includes an operating system (OS) 434, acommunication device application programming interface (API) 432, and acommunication component API 433. OS 434, communication device API 432,and communication component API 433 together form an access layer 431,which represents the publicly accessible portion of cryptographicexpansion device 400. By “publicly accessible,” it is meant that anydevice or components of communication device 415 (e.g., a mobile phone)that can communicate directly with communication component 410 (e.g., aSIM card), or with a communication component reader of a communicationdevice 415 (e.g., a SIM card reader of a mobile device), would be ableto send and receive commands and information to and from access layer431.

Communication device API 432 provides a programming interface totranslate commands and information received from communication device415 into instructions and data that OS 434 can process and execute, andvice versa. For example, communication device API 432 may translatecommands from communication device 415 according to a mobile phone's SIMtoolkit protocol into instructions and data that OS 434 can process andexecute to respond to the commands, and vice versa. Communicationcomponent API 433 provides a programming interface to translate commandsand information received from communication component 410 intoinstructions and data that OS 434 can process and execute, and viceversa. For example, communication component API 433 may translatecommands from communication component 410 according to a SIM card's SIMtoolkit protocol into instructions and data that OS 434 can process andexecute to respond to the commands, and vice versa.

OS 434 manages the functionality and operations of cryptographicexpansion device 400, and responds to commands and information fromcommunication device 415 (e.g, a mobile device such as a mobile phone)and/or communication component 410 (e.g., a SIM card). The functionalityand operations of cryptographic expansion device 400 that OS 434 canmanage includes responding to user input received on communicationdevice 415 that relates to cryptographic operations, masking PIN entrieson a user interface of communication device 415, creating ISO PIN blocksin SPU 420, sending encryption and decryption requests to SPU 420 forsecure communications sent to and from a communication interface ofcommunication device 415, sending requests to SPU 420 to create orverify MAC or hash values for messages or portions of messages sent toand from a communication interface of communication device 415,providing certificates for HTTPS applications, storing encryptedcommunications history, providing basic encryption to externalapplications, and managing commands and information exchange through thevarious interfaces such as passing through commands and informationbetween communication device 415 to communication component 410.

For example, in response to encryption and decryption commands receivedfrom communication device 415 on communication device API 432, OS 434can send encryption and decryption requests and associated data to SPU420. OS 434 may access and process information stored in communicationcomponent 410 in response to a command to perform as such received fromcommunication device 415 on communication device API 432. OS 434 canalso access information stored in communication component 410 andforward the information to SPU 420 in response to encryption anddecryption commands involving such information. OS 434 can forwardencryption and decryption results from SPU 420 to communication device415 and/or communication component 410. OS 434 can also issue commandsto communication device 415 and/or communication component 410, forexample, commands to request communication device 415 to send a securecommunication with data encrypted by SPU 420.

For non-secure commands and information (i.e. commands and informationthat do not involve cryptographic operations), OS 434 can pass throughor forward the non-secure commands and information between communicationdevice 415 and communication component 410. For example, in response tonon-secure commands and information from communication device 415intended for communication component 410 received on communicationdevice API 432, OS 434 can pass through or forward the non-securecommands and information to communication component 410 throughcommunication component API 433. In response to non-secure commands andinformation from communication component 410 intended for communicationdevice 415 received on communication component API 433, OS 434 can passthrough or forward the non-secure commands and information tocommunication device 415 through communication device API 432.

SPU 420 of cryptographic expansion device 400 includes a cryptographicmodule API 421 and cryptographic module 422. Cryptographic module API431 provides a programming interface to translate commands andinformation received from OS 434 into instructions and data thatcryptographic module 422 can process and execute, and vice versa. Forexample, OS 434 may send an encryption/decryption request to SPU 420,and cryptographic module API 431 may translate the encryption/decryptionrequest into an encryption/decryption instruction for cryptographicmodule 422 to execute. In some embodiments, cryptographic module API 431may also include, in the translated encryption/decryption instruction,which particular encryption algorithm cryptographic module 422 shoulduse based on the particular application that is requesting thecryptographic operation.

According to various embodiments, cryptographic module 422 includes asecure application module 441, an encryption/decryption module 442, asecure key module 451, a seed key module 452, a random number generator453, an ISO 0/1 PIN module 454, a MAC/HASH module 455, and a certificatemodule 456. In other embodiments, cryptographic module 422 may includeadditional modules to perform other cryptographic operations. Secureapplication module 441 can store one or more secure applications such asmobile banking applications or contactless payment applications. Secureapplication module 441 can process user input selecting a particularfunction of the secure applications stored therein, and can respond withone or more commands instructing communication device 415 to performcertain operations, for example, to send an encrypted communication orsend a sequence of messages to initiate communication with anotherdevice to carry out the user selected function. Secure applicationmodule 441 can also instruct encryption/decryption module 442 to performspecific cryptographic operations depending on the user selectedfunction.

Encryption/decryption module 442 can store and execute variousencryption algorithms such as Advance Encryption Standard (AES), DataEncryption Standard (DES), Triple Data Encryption Standard/Algorithm(TDES/TDEA), Blowfish, Serpent, Twofish, International Data EncryptionAlgorithm (IDEA), Rivest, Shamir, & Adleman (RSA), Digital SignatureAlgorithm (DSA), Tiny Encryption Algorithm (TEA), extended TEA (XTEA),and/or other cryptographic or encryption algorithms. In response toencryption and decryption requests from PPU 430 or from secureapplication module 441, encryption/decryption module 442 can look up therequested encryption algorithm, obtain any necessary keys from othermodules in cryptographic module 422, perform the encryption/decryptionrequest, and respond with the encrypted/decrypted data.

Secure key module 451 stores the set of cryptographic or encryption keysthat are used in the various encryption algorithms performed byencryption/decryption module 442. The encryption keys can includesymmetric keys and/or asymmetric keys. Seed key module 452 stores a setof seed keys that are used to initialize the encryption/decryptionmodule 442 in certain encryption algorithms such as AES. Seed key module452 also stores seed keys that are used by random number generator 453to generate random numbers used in certain encryption algorithms such asRSA and DSA. The encryption keys stored in secure key module 451 and/orthe seed keys stored in seed key module 452 are provisioned duringmanufacturing, and cannot be altered by an external source without amaster key that was used during manufacturing to program cryptographicmodule 422. The encryption keys and seed keys can also be provisioned tobe specific to a particular cryptographic expansion device, and hencethe encryption keys and seed keys can be user-specific and unique to theuser of the cryptographic expansion device 400. One advantage ofproviding user-specific keys is that if the cryptographic keys stored incryptographic module 422 is somehow compromised, the infiltration willbe isolated to a single user, and the remaining user base of the mobilenetwork will not be compromised. The affected user's keys can be changedwithout impacting the configuration of the remaining user base.

In some embodiments, cryptographic module 422 includes an ISO PIN module454 to mask a user's PIN entry into the communication device 415 and togenerate PIN blocks (e.g., ISO format 0/1 PINs) in accordance with ISO9564 standard. The PIN blocks generated by ISO PIN module 454 storesPINs in an encrypted format that are used to verify a user's identity inbanking transactions. The encrypted PINs stored in the PIN blocks of ISOPIN module 454 can be passed from SPU 420 to PPU 430 to be included insecure communications sent from communication device 415. It should benoted that the PINs stored in ISO PIN module 454 are never stored inplaintext form, but are instead stored in an encryption format.

Cryptographic module 422 also include Message Authentication Code(MAC)/Hash module 455 to generate and verify MACs and/or hashes forsecure communications sent to and from communication device 415. A MACor a hash can be generated for a message or a portion of the messagesuch that the recipient can verify the message's data integrity andauthenticity. Cryptographic module 422 can also include a certificatemodule to provide certificates such as Transport Layer Security (TLS)and Secure Sockets Layer (SSL) certificates used to verify a user'sidentity in Hypertext Transfer Protocol Secure (HTTPS) applications suchas web applications accessed on a web browser of communication device415.

Functional Operations of Cryptographic Expansion Device

FIG. 5 illustrates a communication system 500 for sending and receivingsecure communication according to an exemplary embodiment of the presentinvention. Communication system 500 includes a cryptographic expansiondevice attached to a communication component installed in acommunication device. In the exemplary embodiment as shown, thecryptographic expansion device is a cryptographic label 501, thecommunication component is a SIM card 510, and the communication deviceis a mobile phone 515. It should be understood that in otherembodiments, the cryptographic expansion device can be any of theembodiments described herein, communication device can be other types ofcommunication device described above, and the communication componentcan be other types of user-removable communication component of acommunication device such as a memory card.

In accordance with embodiments of the present invention, when mobiledevice 515 is equipped with cryptographic label 501, mobile device 515can use one or more of the communication interface available in mobiledevice 515 to send and receive end-to-end secure communications with arecipient device. For example, cryptographic label 501 can enable mobiledevice 515 to send encrypted Short Message Service (SMS) or UnstructuredSupplementary Service Data (USSD) messages using the cellular interfaceof communication device 515. In some embodiments in which mobile device515 has a Near Filed Communication (NFC) or Radio Frequency (RF)interface, cryptographic label 501 can enable mobile device 515 to sendencrypted data in NFC or RF communication using the NFC or RF interfaceof communication device 515. Thus, cryptographic label 501 can be usedwith mobile device 515 to encrypt and decrypt any type of communicationthat mobile device 515 is capable of sending and receiving. In someembodiments, the end-to-end secure communications enabled by thecryptographic label 501 can be utilized by a user of the communicationdevice to access mobile banking services such as managing financialaccounts and performing various financial and/or banking transactions.Examples of these mobile banking services include but are not limited tomaking mobile payments, making mobile money transfers, buying andselling of securities, checking account balances, and or making otherfinancial account inquiries.

When cryptographic label 501is attached to SIM card 510 and installed ina SIM card receiving slot of mobile device 515, cryptographic label 501can provide and/or expand the capability of mobile device 515 to performcryptographic operations to send and receive secure communications. Itshould be appreciated that in various embodiments, cryptographic label501 provides mobile device 515 with the cryptographic capabilitieswithout requiring any modifications to the internal hardware and/orsoftware of mobile device 515 and without requiring any modifications tothe internal hardware and/or software of SIM card 510. According tovarious embodiments, SIM card 510 is a standard SIM card that conformsto the ISO/IEC 7810 or ETSI TS 102 221 standards, and cryptographiclabel 501 can be applied to the surface of SIM card 510 withoutrequiring any physical modifications to the SIM card itself. Forexample, cryptographic label 501 can be attached to a standard SIM cardand be used in a mobile device without requiring the SIM card to be cutor trimmed, and without requiring any holes or openings to be formed inthe SIM card.

The interactions and the exchange of commands and information betweencryptographic label 501, mobile device 515, and SIM card 510 in theexemplary communication system 500 according to one embodiment will nowbe described in more details with reference FIGS. 6-9. It should beunderstood that while the description and explanation provided below aremade with reference to the particular embodiment shown in FIG. 5, thedescription and explanation provided below are applicable to and can beadapted for other embodiments, for example, embodiments in which thecryptographic expansion device is used with other types of communicationcomponent such as a memory card. Furthermore, the description andexplanation provided below are made with reference to commands accordingto SIM toolkit (STK) protocol to illustrate that cryptographic label 501can interoperate with mobile device 515 using the protocol that mobiledevice 515 uses to communicate with SIM card 510. In other embodimentsin which the communication device communicates with a communicationcomponent using a different protocol, the description and explanationprovided below can be adapted to use the commands in accordance withthat protocol such that cryptographic label 501 can interoperate withthe communication device seamlessly with requiring any modifications tothe software of the communication device.

FIG. 6 illustrates an SIM card initialization sequence according to oneembodiment of the invention. When mobile device 515 powers up or isturned on, mobile device 515 issues a series of select file and readcommands to the SIM card reader of the mobile device to read subscriberinformation from a SIM card to register the SIM card with a mobilenetwork. Because cryptographic label 510 is attached to SIM card 510 andsits between SIM card 510 and mobile device 515, when cryptographiclabel 510 receives these commands from mobile device 515, cryptographiclabel 510 passes through or forwards these commands to SIM card 510.

For example, after power up, mobile device 515 may send a select filecommand 602 to select a designated file in the file system of SIM card510 that stores subscriber information or other types of SIM cardrelated information. Upon receiving the select file command 602,cryptographic label 501 determines that the file being requested is afile in the file system of SIM card 510, and passes through or forwardsthe select file command 602 to SIM card 510. SIM card 510 receives theselect file command 602, accesses the requested file, and sends anresponse 604 towards cryptographic label 501 indicating that therequested file was accessed successfully and is ready to be read.Cryptographic label 501 then passes through or forwards response 604 tomobile device 515. In response to receiving response 604 notifyingmobile device 515 that the requested file is ready to be read, mobiledevice 515 sends a read command 610 towards SIM card 510. Upon receivingthe read command 610, cryptographic label 501 passes through or forwardsthe read command 610 to SIM card 510. In response to the read command610, SIM card 510 sends file content 612 of the requested file towardsmobile device 515. Depending on the file being requested, file content612 may include subscriber information, location/region information,configuration information such as language preference, and/or othertypes of SIM card information. Upon receiving file content 612,cryptographic label 501 passes through or forwards file content 612 tomobile device 515. The above series of commands and exchange ofinformation may occur multiple times to allow mobile device 515 to readany information stored in SIM card 510 that mobile device 515 may useduring its SIM card initialization sequence.

After mobile device 515 finishes reading the information stored in SIMcard 510, mobile device 515 may send a terminal profile 614 towards SIMcard 510 to inform SIM card 510 of the properties and capabilities ofmobile device 515. The terminal profile may include properties of themobile device such as the types of communication interfaces available onthe mobile device. Upon receiving terminal profile 614, cryptographiclabel 501 may inspect terminal profile 614 to learn the properties andcapabilities of mobile device 515. Cryptographic label 501 then passesthrough or forwards terminal profile 614 to SIM card 510. SIM card 510may send a response 616 towards mobile device to indicate that terminalprofile 614 was successfully received. Upon receiving response 616,cryptographic label 501 passes through or forwards response 616 tomobile device 515.

Next, the process of installing a user menu that lists the features ofSIM card 510 and cryptographic label 501 onto mobile device 515according to one embodiment of the invention will be described withreference to FIG. 7. After the SIM card initialization sequence of FIG.6, mobile device 515 may send a fetch command 702 towards SIM card 510to obtain any pending commands that SIM card 510 wants mobile device 515to perform. Upon receiving fetch command 702, cryptographic label 501may pass through or forward fetch command 702 to SIM card 510. SIM card510 may respond with a set-up-menu command 706 that includes a list offeatures of SIM card 510 to be included in the user menu of mobiledevice 515. Upon receiving set-up-menu command 706 from SIM card 510,cryptographic label 501 can add its own list of user selectable featuresto the features of SIM card 510 listed in set-up-menu command 706, andgenerates a set-up-menu command 708 that lists the features of both SIMcard 510 and cryptographic label 501. The list of features added bycryptographic label 501 can include, for example, mobile bankingfeatures such as a menu selection for making mobile payments, a menuselection for making mobile money transfer, a menu selection for afinancial account inquiry, a menu selection for making a contactlesspayment, and/or other menu selections for services related to financialor banking transactions that a user can perform using mobile device 515equipped with cryptographic label 501. Cryptographic label 501 thensends set-up-menu command 708 that includes the list of features of bothSIM card 510 and cryptographic label 502 to mobile device 515. Inresponse to receiving set-up-menu command 708, mobile device 515 addsthe list of features of SIM card 510 and cryptographic label 501 to theuser menu of mobile device 515.

Mobile device 515 can send a terminal response 710 towards SIM card 510to indicate that the user menu is set up successfully. Upon receivingterminal response 710, cryptographic label 501 passes through orforwards terminal response 710 to SIM card 510. SIM card 510 may replywith a response 712 indicating acknowledgement of terminal response 710towards mobile device 515. Cryptographic label 501 then passes throughor forwards response 712 to mobile device 515. Mobile device 515 canthen display to a user the features and services that cryptographiclabel 501 can provide on mobile device 515, and the user can select oneor more features of cryptographic label 501 from the user menu of mobiledevice 515 to send secure communication to perform various financialand/or banking transactions. A user can also select non-secure featuresof SIM card 510, for example, to send unencrypted SMS messages, from theuser menu of mobile device 515.

FIG. 8 illustrates a non-secure operation being performed with mobiledevice 515 using SIM card 510, according to one embodiment. When a userselects a feature of SIM card 510 to perform a non-secure operation(e.g., send unencrypted SMS, or display a message stored on SIM card510, etc.) from the user menu of mobile device 515, mobile device 515sends a menu selection command 802 indicating the selection of thenon-secure operation towards SIM card 510. Upon receiving menu selectioncommand 802, cryptographic label 501 determines that the menu selectioncommand 802 is requesting a feature of SIM card 510. Cryptographic label501 then passes through or forwards menu selection command 802 to SIMcard 510. In response to receiving menu selection command 802, SIM card510 sends a response 804 towards mobile device 515 to indicate the menuselection command 802 has been received. SIM card 510 processes menuselection command 802 and prepares one of more device commands to sendto mobile device 515 to carry out the non-secure operation beingrequested.

Upon receiving response 804 indicating menu selection command 802 hasbeen received by SIM card 510, cryptographic label 501 passes through orforwards response 804 to mobile device 515. Mobile device 515 may thensend a fetch command 806 towards SIM card 510 to obtain any pendingcommands that SIM card 510 wants mobile device 515 to perform to carryout the non-secure operation selected by the user. Upon receiving fetchcommand 806, cryptographic label 501 passes through or forwards fetchcommand 806 to SIM card 510. SIM card 510 responds to fetch command 806by sending a device command 808 towards mobile device 515 to instructmobile device 515 to perform one or more functions of mobile device 515to carry out the non-secure operation. For example, device command 808may instruct mobile device 515 to send an unencrypted SMS over thecellular interface of mobile device 515, or display a stored SMS messageon the screen of mobile device 515. Upon receiving device command 808from SIM card 519, cryptographic label 501 passes through or forwardsdevice command 808 to mobile device 515. Mobile device 515 then executesdevice command 808 to carry out the non-secure operation requested bythe user.

FIG. 9 illustrates a secure communication being sent from mobile device515 using cryptographic label 501, according to one embodiment. When auser selects a secure application such as a mobile banking applicationin cryptographic label 501 from the user menu of mobile device 515 toperform a secure operation such as a financial and/or bankingtransaction, for example, to make a mobile payment or to check anaccount balance, mobile device 515 sends a menu selection command 902indicating the secure operation the user wants to perform tocryptographic label 501. Upon receiving menu selection command 902,cryptographic label 501 determines that the menu selection command 902is requesting a secure application of cryptographic label 501 to performa secure operation.

Depending on the secure operation selected by the user, cryptographiclabel 501 may optionally retrieve information stored in cryptographiclabel 501 such as an encrypted PIN to carry out the secure operation. Insome embodiments, certain information stored in SIM card 510 may also beused to carry out the secure operation. For example, the secureoperation may include sending a secure communication from mobile device515 to a recipient device, and the unique serial number (ICCID) of SIMcard 510 and/or the international mobile subscriber identity (IMSI) ofSIM card 510 may be included in the secure communication to verify theidentity of the SIM card holder. In such embodiments, cryptographiclabel 501 may optionally send a select file command 904 to SIM card 510to access the designated file storing the information in SIM card 510.In response to receiving select file command 904, SIM card 510 sends aresponse 906 to cryptographic label 501 indicating the designated filehas been selected and is ready to be read. Cryptographic label 501 thensends a read command to 908 to SIM card 510 to read the information fromthe designated file. In response to read command 908, SIM card sendsfile content 910, for example, the ICCID and/or IMSI of SIM card 510, tocryptographic label 501.

Next, cryptographic label 501 sends a response 912 to mobile device 515to acknowledge that the menu selection command 902 was received. Mobiledevice 515 then sends a fetch command 914 to cryptographic label 501 toobtain any pending commands that cryptographic label 501 wants mobiledevice 515 to perform to carry out the secure operation. In someembodiments, depending on the secure operation selected by the user, inresponse to receiving fetch command 914, cryptographic label 501 mayoptionally send a display command (not shown) to mobile device 515 toinstruct mobile device 515 to prompt a user for input on the displayscreen of mobile device, for example, to prompt the user to enter a PIN,account information, payment recipient information, or other informationrelated to the secure operation being performed. When the user entersthe requested information on the user interface of mobile device 515,mobile device 515 sends a user-input-event command (not shown) tocryptographic label 501 to notify cryptographic label 501 that userinput has been received. Cryptographic label 501 can then send aget-user-input command 916 to mobile device 515 to request the userinput. In response, mobile device 515 sends the user input 918 tocryptographic label 501. Cryptographic label 501 may performcryptographic operations on the user input such as encrypting the userinput using any of the encryption algorithms stored in cryptographiclabel 501, or generate a MAC or hash of the user input. Cryptographiclabel 501 sends a response 920 to mobile device acknowledging the userinput has been received.

Mobile device 515 may send another fetch command (not shown) tocryptographic label 501 to obtain further device commands thatcryptographic label 501 wants mobile device 515 to execute to carry outthe secure operation. Thus, mobile device 515 and cryptographic label501 can optionally exchange a series of fetch commands and devicecommands in response to those fetch commands to instruct mobile device515 to perform various functions to carry out the secure operationselected by the user. Furthermore, depending on the secure operationselected by the user, the information that cryptographic label 501 mayrequest or use to carry out the secure operation is not just limited touser input. For example, cryptographic label 501 may send commands tomobile device 515 to instruct mobile device 515 to retrieve informationusing any of the interfaces of mobile device 515. Cryptographic label501 may instruct mobile device 515 to obtain location information from aglobal positioning system interface of mobile device 515. Cryptographiclabel 501 may request information received from an external NFC devicethrough a NFC interface of mobile device 515. Cryptographic label 501may instruct mobile device 515 to retrieved information from theinternet through a wireless data interface of mobile device 515, and soon. Cryptographic label 501 may perform additional cryptographicoperations on any information obtained from the various interfaces ofmobile device 515.

Once cryptographic label 501 has obtained and performed the desiredcryptographic operations on the information (e.g., account numbers,transaction amount, etc.) that cryptographic label 501 will use to carryout the secure operation, in response to a fetch command 922 receivedfrom mobile device 515, cryptographic label 501 can transmit a sendcommunication command 924 with an encrypted message that includes any ofthe information described above to mobile device 515. The sendcommunication command 924 can instruct mobile device 515 to transmit anencrypted message provided by cryptographic label 501 using any of thecommunication interfaces available on mobile device 515. For example,the send communication command 924 may instruct mobile device 515 tosend a secure SMS message with encrypted data provided by cryptographiclabel 501 to a server to make a mobile payment or to check accountbalance. The send communication command 924 may instruct mobile device515 to send a secure USSD message with encrypted data to start a USSDtwo-way communication session with a banking server. The sendcommunication command 924 may also instruct mobile device 515 to send asecure NFC or RF communication with encrypted data via the NFC or RFinterface of mobile device 515 to a NFC or RF enabled recipient devicesuch as a point-of-sale (POS) terminal. Because the information thatmobile device 515 transmits out in the secure communication is providedto mobile device 515 in an encrypted format by cryptographic label 501,the secure communication is already encrypted when it leaves thecommunication interface of mobile device 515. In this manner, secureencrypted end-to-end communication can be maintained between mobiledevice 515 and a recipient device.

Referring now to FIG. 10, in some embodiments, the send communicationcommand 924 may instruct mobile device 515 to send a series of messagesto a recipient device 585 to set up a secure communication channel ortunnel. The series of messages 1012-1020 can be used to verify theidentity of recipient device 585 and to verify the identity of mobiledevice 515 to recipient device 585. This way of verifying the identitiesof the communicating devices can be especially useful with NFC and/or RFcommunications where the identity of the recipient device 585 may not beknown to mobile device 515 prior to the communication. The series ofmessages 1012-1020 can be a number challenge that includes a specificsequence of numbers that is only known to mobile device 515 as providedby cryptographic label 501, and only known to authorized recipientdevices that are allowed to communicate with mobile device 515.

When recipient device 585 first receives message 1012, recipient device585 does not initially respond to message 1012. Recipient device 585will not respond until all messages 1012-1020 has been received byrecipient device 585, and the number sequence transmitted in messages1012-1020 is confirmed to be a valid and correct sequence. Thus,recipient device 585 can verify the identity of mobile device 515 basedon the number challenge received in the series of messages 1012-1020.Mobile device 515 can also use the number challenge to verify theidentity of recipient device 585. For example, if a recipient deviceresponse to message 1012, mobile device 515 can determine that therecipient device is not an authorized recipient device because anauthorized recipient device would not respond right away to message1012. It should be appreciated that the series of messages 1012-1020 isnot limited to five messages as shown, and can include any number ofmessages, and that the number challenge can be any sequence of numbers,sequence of alphanumeric characters, or sequence of other types ofmessages. Furthermore, in other embodiments, mobile device 515 equippedwith cryptographic label 501 can act as a recipient device and be on thereceiving end of a number challenge.

In some embodiments, to provide an additional level of security toverify the identity of the devices, recipient device 585 can respond tothe reception of a valid and correct number challenge with an encryptionkey challenge 1024. The encryption key challenge 1024 can be a symmetrickey challenge or an asymmetric key challenge. In the encryption keychallenge 1024, recipient device 585 can send a random number to mobiledevice 515 to request mobile device 515 to encrypt the random numberwith an encryption key that would only be known to an authorized device.Mobile device 515 can send the random number to cryptographic label 501and request cryptographic label 501 to encrypt the random number usingthe requested encryption key stored in cryptographic label 501.Cryptographic label 501 can respond to mobile device 515 with theencrypted random number, and mobile device 515 then sends the encryptedrandom number to recipient device 585. Recipient device 585 thendecrypts the encrypted random number with a corresponding key, which canbe a symmetric key or an asymmetric key. If the decryption results inthe random number that recipient device 585 has previously sent tomobile device 515, then recipient device can be further assured thatmobile device 515 equipped with cryptographic label 501 is an authorizeddevice, and a secure communication channel or tunnel can be establishedbetween mobile device 515 and recipient device 585. Exchange ofsensitive information with secure communications between the two devicescan then proceed.

One advantage of the being able to verify the identities of thecommunicating devices using cryptographic label 501 as describe above isthat the number sequence of the number challenge and the encryption keyused in the encryption key challenge can be provisioned to be unique foreach cryptographic label, and thus can be provisioned to be userspecific. If the number sequence and/or the encryption key used in theencryption key challenge is somehow compromised, the infiltration willbe isolated to a single user, and the remaining user base of the mobilenetwork will not be compromised. The affected user's keys can be changedwithout impacting the configuration of the remaining user base.

FIG. 11 illustrates a flow diagram for performing a secure operationusing a cryptographic expansion device (e.g., cryptographic label 501 ofFIG. 5) attached to a communication component (e.g., SIM card 510 ofFIG. 5) of a communication device (e.g., mobile device 515 of FIG. 5),according to various embodiments. At block 1102, the cryptographicexpansion device receives a protocol message from the communicationdevice according to a communication protocol that the communicationdevice uses to communicate with the communication component. Theprotocol message can be a command or information that is associated witha secure operation to be performed by the cryptographic expansiondevice. For example, the protocol message can be a command associatedwith a request from a user to perform a financial or banking transactionusing a secure application stored in the cryptographic expansion devicesuch as a mobile banking application or a contactless paymentapplication. The financial or banking transaction can be a mobilepayment, a mobile money transfer, an account balance inquiry, or otherfinancial or banking transactions or account inquiries, and may involvesending or receiving a secure communication. The protocol message canalso be a command or information associated with a non-secure operationthat is intended for the communication component of the communicationdevice. In some embodiments, the protocol message can include a flag ora protocol identification (ID) field to indicate whether the protocolmessage is intended for the communication component.

At block 1104, the cryptographic expansion device determines if theprotocol message is associated with a secure operation. If thecryptographic expansion device determines that the protocol messageinvolves a secure operation to be performed by the cryptographicexpansion device, for example, by examining the flag or the protocol IDof the protocol message, then at block 1106, the cryptographic expansiondevice processes the protocol message and performs a cryptographicoperation on data or information associated with the secure operation asindicated by the protocol message. The data or information can be dataor information that is stored in the cryptographic expansion deviceand/or in the communication component, or data or information such asuser input or other information that is obtained from an interface ofthe communication device. For example, to carry out a secure operationsuch as sending a secure communication to perform a financial or bankingtransaction, the cryptographic expansion device may retrieve anencrypted PIN from the cryptographic expansion device, obtain subscriberinformation from the communication component, and/or obtain user inputfrom the communication device such as a PAN or a portion of a PANentered by a user on the user interface of the communication device. Thedata or information associated with the secure operation can also beembedded in the protocol message received from the communication device.For example, the protocol message received from the communication devicecan include an encrypted communication for the cryptographic expansiondevice to decrypt.

To perform the cryptographic operation on data or information associatedwith the secure operation, the cryptographic expansion device may selecta suitable encryption and/or MAC or hash algorithm stored in thecryptographic expansion device. The cryptographic expansion device thenretrieves a cryptographic or encryption key associated with the selectedencryption, and performs a cryptographic operation such as encrypting ordecrypting the data or information associated with the secure operationusing the encryption key and selected algorithm. The cryptographicexpansion device may also generate or verify a MAC or hash on data orinformation associated with the secure operation.

Then at block 1108, the cryptographic expansion device sends a devicecommand and/or the result of the cryptographic operation (encrypted ordecrypted data) to the communication device, in accordance with theprotocol of the protocol message. The device command can includecommands instructing the communication device to perform certainoperations to carry out the secure operation such as sending encrypteddata provided by the cryptographic expansion device in a securecommunication on a communication interface of the communication device.In some embodiments, the communication interface can be a cellularinterface for sending SMS or USSD messages, or a NFC or RF interface forsending NFC or RF communications. In other embodiments, thecommunication interface can be any of the communication interfacesprovided in the communication device. As another example, the devicecommand can instruct the communication device to display plaintext dataor information to a user that the cryptographic expansion devicedecrypted from an encrypted message sent to the communication device. Itshould be understood that depending on the secure operation that isbeing requested or associated with the protocol message received fromthe communication device in block 1012, the cryptographic expansiondevice may send more than one device command to the communication deviceto carry out the secure operation, and that in some embodiments, therecan be multiple iterations of protocol message and device commandexchanges to carry out a secure operation.

Referring back to block 1104, if the cryptographic expansion devicedetermines that the protocol message is associated with a non-secureoperation that is intended for the communication component, then atblock 1110, the cryptographic expansion device forwards or passesthrough the protocol message to the communication component. At block1112, the communication component may reply to the cryptographicexpansion device with a response to the protocol message. Upon receivingthe response to the protocol message from the communication component,at block 114, the cryptographic expansion device forwards or passesthrough the response to the communication device.

It should be appreciated that while the methods and apparatuses forsending and receiving secure communications discussed above have beendescribed with reference to performing financial and/or bankingtransactions from a mobile device, the methods and apparatuses discussedabove can also be used to perform secure communications from a mobiledevice for other applications as well, such as personal or corporatesecure communication (e.g., for sensitive or confidential communicationsto avoid industrial espionage), health care communication (e.g., forconfidential medical information or electronic prescription delivery),or governmental agency communication (e.g., for law enforcement).

FIG. 12 shows a communication device 1200 according to the some of theembodiments described above. The communication device 1200 includes acommunication component reader 1225 for accepting a communicationcomponent such as a SIM card that may be equipped with a cryptographicexpansion device. The communication device 1200 also includes a display1212, an input element 1214, computer readable medium 1224 such asvolatile and non-volatile memory, processor 1210 and at least oneantenna 1220. In addition, the communication device 1200 may include adual interface including both contact (not shown) and contactlessinterface 1216 for transferring information through direct contact orthrough an integrated chip, which may be coupled to a second antenna. Inaddition, the communication device 1200 may be capable of communicatingthrough a cellular network, such as GSM through an antenna 1220. Thus,the communication device 1200 may be capable of transmitting andreceiving information wirelessly through both short range NFC, radiofrequency (RF) and cellular connections.

In certain implementations, individual blocks (or steps) described abovewith respect to the Figures may be combined, eliminated, or reordered.Any of the software components or functions described in thisapplication, may be implemented as software code to be executed by aprocessor using any suitable computer language such as, for example,Java, C++ or Perl using, for example, conventional or object-orientedtechniques. The software code may be stored as a series of instructions,or commands on a computer readable medium, such as a random accessmemory (RAM), a read only memory (ROM), a magnetic medium such as ahard-drive or a floppy disk, or an optical medium such as a CD-ROM. Anysuch computer readable medium may reside on or within a singlecomputational apparatus, and may be present on or within differentcomputational apparatuses within a system or network.

The present invention can be implemented in the form of control logic insoftware or hardware or a combination of both. The control logic may bestored in an information storage medium as a plurality of instructionsadapted to direct an information processing device to perform a set ofsteps disclosed in embodiments of the present invention. Based on thedisclosure and teachings provided herein, a person of ordinary skill inthe art will appreciate other ways and/or methods to implement thepresent invention.

Any recitation of “a”, “an” or “the” is intended to mean “one or more”unless specifically indicated to the contrary.

The above description is illustrative and is not restrictive. Manyvariations of the invention will become apparent to those skilled in theart upon review of the disclosure. The scope of the invention should,therefore, be determined not with reference to the above description,but instead should be determined with reference to the pending claimsalong with their full scope or equivalents.

What is claimed is:
 1. A label comprising: a first set of electricalcontacts disposed on a top side of the label for interfacing to acommunication device; a second set of electrical contacts disposed on abottom side of the label for interfacing to a communication component; acoupling element configured to attach the label to the communicationcomponent; and a hardware security module disposed in the label andcoupled to the first and second sets of electrical contacts, wherein thehardware security module includes a secure processing unit and a publicprocessing unit.
 2. The label of claim 1, wherein the communicationcomponent is a communication card, and the coupling element is anadhesive material disposed on the bottom side of the label.
 3. The labelof claim 2, wherein the communication card is a Subscriber IdentityModule (SIM) card.
 4. The label of claim 2, wherein the publicprocessing unit comprises: a communication device interface coupled tothe first set of electrical contacts; and a communication componentinterface coupled to the second set of electrical contacts; wherein thepublic processing unit is configured to process messages received at thecommunication device interface and the communication componentinterface.
 5. The label of claim 4, wherein the public processing unitis configured to send, to the secure processing unit, requests toperform cryptographic operations in response to receiving messages onthe communication device interface that are associated with secureoperations.
 6. The label of claim 4 wherein the public processing unitis configured to pass through messages that are associated withnon-secure operations between the communication device interface and thecommunication component interface.
 7. The label of claim 5, wherein thesecure operations include sending secure communications using acommunication protocol selected from a group consisting of Short MessageService (SMS) protocol, Unstructured Supplementary Service Data (USSD)protocol, Near Field Communication (NFC) protocol, and Radio Frequency(RF) communications protocol.
 8. The label of claim 7, wherein thesecure communications are used in financial transactions.
 9. A systemcomprising: a communication component; and a label attached to thecommunication component, the label comprising: a set of electricalcontacts electrically coupled to the communication component; acryptoprocessor disposed in the label; and a processor disposed in thelabel and coupled to cryptoprocessor, wherein the label enables acommunication device using the communication component to send encrypteddata using the cryptoprocessor in the label.
 10. The system of claim 9,wherein the communication component is a communication card, and thelabel is attached to the communication component with an adhesivematerial.
 11. The system of claim 10, wherein the label is configured torender the cryptoprocessor and the processor unusable when an attempt ismade to remove the label from the communication card.
 12. The system ofclaim 10, wherein the cryptoprocessor is configured to respond only toencryption and decryption requests from the processor.
 13. The system ofclaim 10, wherein the encrypted data is sent using a communicationinterface of the communication device.
 14. The system of claim 13,wherein the communications device is a mobile phone, and thecommunication interface is one of a cellular communications interfacefor transmitting SMS messages, a cellular communications interface fortransmitting USSD messages, a NFC interface, and a RF interface.
 15. Thesystem of claim 13, wherein the encrypted data is associated with apayment transaction.
 16. A method for enabling transmission of securecommunications from a communication device using a label, wherein thelabel is attached to a communication component of the communicationdevice, the method comprising: receiving, in the label, a first message;determining that the first message is associated with a secureoperation; performing, by a cryptographic processor disposed in thelabel, a cryptographic operation on data associated with the secureoperation; and sending the data processed by the cryptographic processorfrom the label to the communication device for transmission in a securecommunication.
 17. The method of claim 16, further comprising: sendingthe secure communication from the communication device in one of a SMSmessage, a USSD message, a NFC communication, and a RF communication.18. The method of claim 16, further comprising: receiving, in the label,a second message; determining that the second message is associated witha non-secure operation; and passing through the message to thecommunication component.
 19. The method of claim 16, wherein the dataprocessed by the cryptographic processor is associated with a financialtransaction being conducted with the communication device.
 20. Themethod of claim 16, wherein the cryptographic operation is performed inresponse to an encryption or decryption request sent to thecryptographic processor from a public processor disposed in the label.21. The method of claim 20, wherein the cryptographic processor isaccessible to both the communication component and the communicationdevice only through the public processor disposed in the label.
 22. Themethod of claim 16, wherein the communication component is a SIM card,and the communication device is a mobile device.